package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
public class TlsClientProtocol extends TlsProtocol {
    protected TlsClient a;
    protected m b;
    protected byte[] c;
    protected TlsKeyExchange d;
    protected TlsAuthentication e;
    protected CertificateStatus f;
    protected CertificateRequest g;

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public TlsClientProtocol(java.io.InputStream r5, java.io.OutputStream r6) {
        /*
            r4 = this;
            org.bouncycastle.crypto.prng.ThreadedSeedGenerator r0 = new org.bouncycastle.crypto.prng.ThreadedSeedGenerator
            r0.<init>()
            java.security.SecureRandom r1 = new java.security.SecureRandom
            r1.<init>()
            r2 = 20
            r3 = 1
            byte[] r0 = r0.generateSeed(r2, r3)
            r1.setSeed(r0)
            r4.<init>(r5, r6, r1)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsClientProtocol.<init>(java.io.InputStream, java.io.OutputStream):void");
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = null;
    }

    private void b(Vector vector) throws IOException {
        this.a.processServerSupplementalData(vector);
        this.z = (short) 3;
        this.d = this.a.getKeyExchange();
        this.d.init(this.b);
    }

    private void e(ByteArrayInputStream byteArrayInputStream) throws IOException {
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.equals(this.m.l)) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.isEqualOrEarlierVersionOf(this.b.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.m.m = readVersion;
        this.b.b = readVersion;
        this.a.notifyServerVersion(readVersion);
        this.t.h = TlsUtils.readFully(32, byteArrayInputStream);
        this.c = TlsUtils.readOpaque8(byteArrayInputStream);
        byte[] bArr = this.c;
        if (bArr.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.a.notifySessionID(bArr);
        boolean z = false;
        this.A = this.c.length > 0 && this.r != null && Arrays.areEqual(this.c, this.r.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(this.v, readUint16) || readUint16 == 0 || readUint16 == 255) {
            throw new TlsFatalAlert((short) 47);
        }
        this.a.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(this.w, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.a.notifySelectedCompressionMethod(readUint8);
        this.y = c(byteArrayInputStream);
        if (this.y != null) {
            Enumeration keys = this.y.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(h) && TlsUtils.getExtensionData(this.x, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.y, h);
        if (extensionData != null) {
            this.C = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.a.notifySecureRenegotiation(this.C);
        Hashtable hashtable = this.x;
        Hashtable hashtable2 = this.y;
        if (this.A) {
            if (readUint16 != this.s.getCipherSuite() || readUint8 != this.s.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = this.s.readServerExtensions();
        }
        this.t.b = readUint16;
        this.t.c = readUint8;
        if (hashtable2 != null) {
            this.t.i = a(hashtable, hashtable2, (short) 47);
            this.t.j = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            this.D = !this.A && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!this.A && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.i, (short) 47)) {
                z = true;
            }
            this.E = z;
        }
        if (hashtable != null) {
            this.a.processServerExtensions(hashtable2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public final void a() {
        super.a();
        this.c = null;
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = null;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:27:0x0053. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final void a(short s, byte[] bArr) throws IOException {
        TlsCredentials clientCredentials;
        Certificate certificate;
        byte[] a;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        if (this.A) {
            if (s != 20 || this.z != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            a(byteArrayInputStream);
            this.z = (short) 15;
            j();
            this.z = (short) 13;
            this.z = (short) 16;
            return;
        }
        if (s != 0) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
            if (s == 2) {
                if (this.z != 1) {
                    throw new TlsFatalAlert((short) 10);
                }
                e(byteArrayInputStream);
                this.z = (short) 2;
                if (this.t.i >= 0) {
                    this.m.a(1 << (this.t.i + 8));
                }
                this.t.d = a(this.b, this.t.getCipherSuite());
                this.t.e = 12;
                this.m.b();
                if (this.A) {
                    this.t.f = Arrays.clone(this.s.getMasterSecret());
                    this.m.a(this.a.getCompression(), this.a.getCipher());
                    i();
                    return;
                }
                h();
                byte[] bArr2 = this.c;
                if (bArr2.length > 0) {
                    this.r = new r(bArr2, null);
                    return;
                }
                return;
            }
            if (s != 4) {
                if (s == 20) {
                    if (this.z != 13) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    a(byteArrayInputStream);
                    this.z = (short) 15;
                    this.z = (short) 16;
                    return;
                }
                if (s == 22) {
                    if (this.z != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!this.D) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.f = CertificateStatus.parse(byteArrayInputStream);
                    b(byteArrayInputStream);
                    this.z = (short) 5;
                    return;
                }
                if (s == 23) {
                    if (this.z != 2) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    b(d(byteArrayInputStream));
                    return;
                }
                switch (s) {
                    case 11:
                        short s2 = this.z;
                        if (s2 == 2) {
                            b((Vector) null);
                        } else if (s2 != 3) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        this.u = Certificate.parse(byteArrayInputStream);
                        b(byteArrayInputStream);
                        if (this.u == null || this.u.isEmpty()) {
                            this.D = false;
                        }
                        this.d.processServerCertificate(this.u);
                        this.e = this.a.getAuthentication();
                        this.e.notifyServerCertificate(this.u);
                        this.z = (short) 4;
                        return;
                    case 12:
                        short s3 = this.z;
                        if (s3 == 2) {
                            b((Vector) null);
                        } else if (s3 != 3) {
                            if (s3 != 4 && s3 != 5) {
                                throw new TlsFatalAlert((short) 10);
                            }
                            this.d.processServerKeyExchange(byteArrayInputStream);
                            b(byteArrayInputStream);
                            this.z = (short) 6;
                            return;
                        }
                        this.d.skipServerCredentials();
                        this.e = null;
                        this.d.processServerKeyExchange(byteArrayInputStream);
                        b(byteArrayInputStream);
                        this.z = (short) 6;
                        return;
                    case 13:
                        short s4 = this.z;
                        if (s4 == 4 || s4 == 5) {
                            this.d.skipServerKeyExchange();
                        } else if (s4 != 6) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        if (this.e == null) {
                            throw new TlsFatalAlert((short) 40);
                        }
                        this.g = CertificateRequest.parse(this.b, byteArrayInputStream);
                        b(byteArrayInputStream);
                        this.d.validateCertificateRequest(this.g);
                        TlsUtils.a(this.m.k, this.g.getSupportedSignatureAlgorithms());
                        this.z = (short) 7;
                        return;
                    case 14:
                        switch (this.z) {
                            case 2:
                                b((Vector) null);
                            case 3:
                                this.d.skipServerCredentials();
                                this.e = null;
                            case 4:
                            case 5:
                                this.d.skipServerKeyExchange();
                            case 6:
                            case 7:
                                b(byteArrayInputStream);
                                this.z = (short) 8;
                                this.m.k.b();
                                Vector clientSupplementalData = this.a.getClientSupplementalData();
                                if (clientSupplementalData != null) {
                                    a(clientSupplementalData);
                                }
                                this.z = (short) 9;
                                CertificateRequest certificateRequest = this.g;
                                if (certificateRequest == null) {
                                    this.d.skipClientCredentials();
                                    clientCredentials = null;
                                } else {
                                    clientCredentials = this.e.getClientCredentials(certificateRequest);
                                    TlsKeyExchange tlsKeyExchange = this.d;
                                    if (clientCredentials == null) {
                                        tlsKeyExchange.skipClientCredentials();
                                        certificate = Certificate.EMPTY_CHAIN;
                                    } else {
                                        tlsKeyExchange.processClientCredentials(clientCredentials);
                                        certificate = clientCredentials.getCertificate();
                                    }
                                    a(certificate);
                                }
                                this.z = (short) 10;
                                TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 16);
                                this.d.generateClientKeyExchange(aVar);
                                aVar.a();
                                this.z = (short) 11;
                                a(this.b, this.d);
                                this.m.a(this.a.getCompression(), this.a.getCipher());
                                n c = this.m.c();
                                if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                                    if (TlsUtils.isTLSv12(this.b)) {
                                        signatureAndHashAlgorithm = tlsSignerCredentials.getSignatureAndHashAlgorithm();
                                        if (signatureAndHashAlgorithm == null) {
                                            throw new TlsFatalAlert((short) 80);
                                        }
                                        a = c.b(signatureAndHashAlgorithm.getHash());
                                    } else {
                                        a = a(this.b, c, (byte[]) null);
                                    }
                                    DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(a));
                                    TlsProtocol.a aVar2 = new TlsProtocol.a(this, (short) 15);
                                    digitallySigned.encode(aVar2);
                                    aVar2.a();
                                    this.z = (short) 12;
                                }
                                i();
                                j();
                                this.z = (short) 13;
                                return;
                            default:
                                throw new TlsFatalAlert((short) 40);
                        }
                        break;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
            } else {
                if (this.z != 13) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (!this.E) {
                    throw new TlsFatalAlert((short) 10);
                }
                h();
                NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
                TlsProtocol.b(byteArrayInputStream);
                this.a.notifyNewSessionTicket(parse);
                this.z = (short) 14;
            }
        }
        b(byteArrayInputStream);
        if (this.z == 16) {
            if (TlsUtils.isSSL(this.b)) {
                throw new TlsFatalAlert((short) 40);
            }
            a((short) 100, "Renegotiation not supported");
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final a b() {
        return this.b;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsPeer c() {
        return this.a;
    }

    public void connect(TlsClient tlsClient) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.a != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.a = tlsClient;
        this.t = new SecurityParameters();
        this.t.a = 1;
        this.t.g = a(this.n);
        this.b = new m(this.n, this.t);
        this.a.init(this.b);
        this.m.a(this.b);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            this.r = sessionToResume;
            this.s = exportSessionParameters;
        }
        this.m.m = this.a.getClientHelloRecordLayerVersion();
        ProtocolVersion clientVersion = this.a.getClientVersion();
        if (clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        this.b.a = clientVersion;
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        if (this.r != null && ((bArr = this.r.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        this.v = this.a.getCipherSuites();
        this.w = this.a.getCompressionMethods();
        if (bArr.length > 0 && this.s != null && (!Arrays.contains(this.v, this.s.getCipherSuite()) || !Arrays.contains(this.w, this.s.getCompressionAlgorithm()))) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        this.x = this.a.getClientExtensions();
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 1);
        TlsUtils.writeVersion(clientVersion, aVar);
        aVar.write(this.t.getClientRandom());
        TlsUtils.writeOpaque8(bArr, aVar);
        boolean z = TlsUtils.getExtensionData(this.x, h) == null;
        boolean z2 = !Arrays.contains(this.v, 255);
        if (z && z2) {
            this.v = Arrays.append(this.v, 255);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(this.v, aVar);
        TlsUtils.writeUint8ArrayWithUint8Length(this.w, aVar);
        if (this.x != null) {
            a(aVar, this.x);
        }
        aVar.a();
        this.z = (short) 1;
        d();
    }
}
